CI/CD with GitHub Actions: DevOps Journey Continued

DevOps Journey Started. Step 1: Containerization with Docker Link:- • GitHub https://lnkd.in/gwfXsp_3 • App https://lnkd.in/d5JnhrGz • Containerized frontend & backend using Dockerfiles • Optimized images using .dockerignore, multi-stage builds, and layer caching • Structured project with a clean multi-service setup via docker-compose • Enabled service-to-service communication using Docker networking • Used volumes for persistence and improved development workflow • Managed environment variables using .env (development & production) Next step: CI/CD with GitHub Actions. #docker #development #fullstack #devops

I made a manual change directly in my cluster to test something quickly. Flux reverted it within 60 seconds. At first I was annoyed. Then I realised that was exactly the point. Drift detection is a Flux feature that watches for any difference between what is in Git and what is actually running in the cluster. The moment it finds one it reconciles back to Git automatically. That means if anyone, including me, runs a manual kubectl edit or kubectl patch directly on a resource that Flux manages, Flux will undo it. Here is why that is a feature not a bug. In a real team environment someone will always make a quick manual change to fix something urgently. Without drift detection that change lives in the cluster but not in Git. Over time those undocumented changes accumulate. Nobody knows what is actually running anymore or why it differs from the repo. With drift detection Git is always the truth. Always. No exceptions. The discipline it enforces is uncomfortable at first. You cannot just tweak things directly anymore. Every change has to go through Git. But that discomfort is the whole point. It forces good habits and makes your infrastructure trustworthy. Have you ever had an environment drift so far from its config that nobody knew what was actually running? 👇 Follow me, I am documenting everything I build and learn in my home lab. #GitOps #Kubernetes #DevOps #FluxCD #CloudNative

DevOps teams, platform engineers building CI/CD pipelines, teams moving API testing into automation Git-Friendly API Tools? Great. But Can You Actually Run Them in CI/CD Without Installing Desktop Apps? CLI-native execution vs GUI tools with Git integration Your team switched to Bruno. Collections in Git ✓. Feature branches work ✓.  Everything local ✓. Perfect... until you need to run tests in GitHub Actions. You check Bruno docs for CLI. There's bru CLI but it's experimental, limited  features. You check Postman. Newman exists but needs your collection exported  first. You check Apidog. No headless CLI at all. Your pipeline needs: 1. Clone repo 2. Install Node.js 3. Install Newman globally   4. Export Postman collection to JSON 5. Hope environment variables match 6. Run newman run collection.json -e env.json 7. Parse Newman's output format And if you're using Bruno? Good luck. The GUI is great for devs, but your  CI/CD pipeline can't run a desktop app. 💡 SIH is CLI-first. Workflows ARE the runtime format. No export, no conversion, no desktop app. #SIH #SphereIntegrationHub #Automation #CLI #CICD #Git #PostMan #Bruno #ApiDog #GitHubAction #ApiCentric

Goodbye, Manual Deployment! 👋 | Continuous Integration and Deployment using GitHub Actions & Hostinger I am delighted to announce the successful setup of an automated CI/CD pipeline for my most recent React application! 🚀 Prior to doing this, my deployment process involved steps such as: 1. Building locally. 2. Accessing FTP or the File Manager interface. 3. Uploading the contents of the dist folder manually. 4. Hoping to God I did not forget any files! 😂 Now, however, with the use of GitHub Actions, my workflow involves the following: ✅ Automation of the Build Process: Each commit to the code base generates a build within the virtual environment. ✅ Intelligent Sync Process: All production-relevant files are automatically synchronized to my Hostinger server using FTP. ✅ Lightning-Fast Deployment: My changes are live on the web in less than 2 minutes without human intervention. Aside from saving me time, the process helped me gain further insight into DevOps automation and how it can transform a developer’s workflow. 💻✨ More automation coming up next! 🛠️ #WebDevelopment #ReactJS #GitHubActions #CICD #DevOps #Automation #Hostinger #SoftwareEngineering #ContinuousDeployment

Your Copilot Agent Now Gets Its Own Safe Sandbox 🏗️ You know that legacy codebase nobody wants to touch? The one your senior wrote 5 years ago? Now imagine Copilot could refactor it — run docker build, update dependencies, run tests — without having access to your actual machine. That's exactly what Docker Sandbox does. How it works One command: docker sandbox run copilot -/my-legacy-app This spins up a lightweight VM on your machine. Inside it, Copilot gets: 🐳 Its own Docker daemon — not yours. It can docker build and docker compose freely without touching your host's Docker socket. 📁 Your project folder synced in — same exact path (/Users/dev/my-project), so builds don't break. Changes sync back automatically. Bidirectional. 🌐 Filtered network — can reach npm, PyPI, Maven. Can't reach your internal network or cloud metadata. Supply chain attacks blocked. 🔓 Full freedom inside — no "are you sure?" prompts every 2 seconds. The VM boundary IS the security. Even rm -rf / inside the sandbox won't touch your laptop. The agent refactors your code, containerizes your app, runs tests — all inside this sandbox. Results sync back to your machine. Done. Fleet mode — the real magic Run multiple sandboxes in parallel via Docker Desktop. 10 repos, 10 agents, simultaneously. Teams using this are merging 60% more PRs than those still clicking "approve" on every command. docker sandbox stop my-sandbox # cleanup docker sandbox rm my-sandbox This is honestly what we needed. Not another tool, but a safe way to let Copilot actually do the heavy lifting on legacy code — without risking production. Tech debt compounds like credit card interest. This helps you finally pay it off 💪 📎 Full walkthrough: https://lnkd.in/gAax6rDR #GitHubCopilot #Docker #MicroVM #DevOps #TechDebt #DeveloperLife #Coding

Your Docker images don't need to be 1.2 GB. I see it constantly: teams shipping containers with build tools, dev dependencies, and entire SDK toolchains baked into production images. The fix takes five minutes. Multi-stage builds let you separate the build environment from the runtime environment. You compile in one stage, then copy only the final artifact into a minimal base image. That's it. Here's the pattern I use for every Go service we deploy: Result: ~12 MB instead of 1.2 GB. Faster pulls, smaller attack surface, cleaner CVE scans. The distroless base has no shell, no package manager — nothing an attacker can use. Three rules I follow for every Dockerfile: → Pin image tags to a digest, not latest → Order layers from least to most frequently changed → Never ship what you don't need at runtime Small images aren't just tidy. They're faster to deploy, cheaper to store, and harder to exploit. #DevOps #Docker #CloudNative #ContainerSecurity #PlatformEngineering

More code will be written in the next 5 years than in all of history. That raises a real challenge for DevOps/SRE. Tooling was built for humans, not always-on agents generating code at scale. We may be heading toward a bottleneck in how we manage and version that explosion of code and state. Interesting to see ideas like Artifacts emerging as teams start rethinking this. https://lnkd.in/gc39tYkz #DevOps #SRE #SiteReliability #Engineer #Git

Ever had your entire project architecture almost destroyed the day before the final review? That was me today with CodeRunner, where I am building a scalable contest hosting site and remote code execution engine. I spent weeks designing it with microservices, but a teammate accidentally refactored the whole thing into a monolith and tried to push it directly to the repo. The only reason our work survived is because I had locked down the main branch. By blocking force pushes and requiring mandatory PR reviews, the system automatically rejected their changes. You should also use GitHub rulesets in your repos to avoid such situations and protect your code! It provides many options to save your branches, as you can see in the pic below where I created a ruleset for main branch protection. #BuildInPublic #SystemDesign #DevOps #Microservices #CodeRunner

The last manual step in my GitOps setup was updating image tags. A new version of an app would get published and I would have to go into my repo, find the deployment manifest, and bump the tag by hand. That is not automation. That is just moving the manual work to a different place. Renovate fixed that. Here is how the full automation chain works now: - A new Docker image gets published to the registry. - Renovate detects the new tag automatically. - Renovate opens a pull request in my home lab repo suggesting the version bump. - I review and merge it. - Flux detects the change and updates the running pod. I never touch the manifest directly. I just review a pull request. Now GitOps can actually do this entire flow automatically including the merge. But I deliberately keep the manual review step. Every update goes through my eyes before it hits the cluster. I see what changed, what version it moved to, and I make the call to merge. That is how I actually stay on top of what is running in my environment and why. Full automation is powerful. Intentional automation is better. Are you automating image updates in your setup or still bumping tags manually? 👇 Follow me, I am documenting everything I build and learn in my home lab. #DevOps #GitOps #Kubernetes #CloudNative #Automation

🚀 We cut our deployment time by 60%. Here's exactly how we did it. 6 months ago, our deploys were painful. Manual steps. Flaky pipelines. Engineers burned out waiting. Then we rebuilt everything with Jenkins + ArgoCD — and the results were staggering. Here's what changed: #Before: ❌ ~45 min average deploy time ❌ Human errors on every 3rd release ❌ Zero visibility into what's running in prod ❌ Devs dreading deploy Fridays #After: ✅ ~18 min average deploy time (-60%) ✅ GitOps-driven — Git is the single source of truth ✅ ArgoCD syncs automatically, drift detected instantly ✅ Devs ship with confidence, not anxiety The 3 things that made the difference: 1️⃣ Jenkins for CI, ArgoCD for CD — clear separation of concerns Jenkins builds, tests, and pushes the image. ArgoCD owns delivery. No blurring of responsibilities. 2️⃣ GitOps = Auditability on autopilot Every change to prod is a Git commit. Who changed what, when, and why — always visible. 3️⃣ Auto-sync + health checks killed manual approvals ArgoCD monitors Kubernetes state continuously. Drift? Caught and corrected automatically. The real win wasn't just speed. It was trust — trust that what's in Git is what's in prod. Trust that the team can deploy daily without fear. If your team is still doing manual deploys or struggling with slow pipelines, this stack is worth exploring. Happy to share our Jenkins pipeline template or ArgoCD app configs — just drop a "Share" in the comments. 👇 #DevOps #CI #CD #Jenkins #ArgoCD #GitOps #Kubernetes #SoftwareEngineering #CloudNative #DeploymentAutomation #SRE #PlatformEngineering